EPSS: 0.001 (Low), Percentile: 34.2%
rails-html-sanitizer is vulnerable to cross-site scripting (XSS) attacks. Attackers can use non-whitelisted attributes within sanitized output to inject and execute arbitrary web script.
github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
groups.google.com/forum/#!msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ